From: Jeffrey Altman Date: Thu, 21 Mar 2013 23:34:25 +0000 (-0400) Subject: Windows: FSCTL_SET_REPARSE_POINT NULL ptr dereference X-Git-Tag: upstream/1.8.0_pre1^2~1280 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=ed1b562b8174028502099bd224e7e73740a89362;p=packages%2Fo%2Fopenafs.git Windows: FSCTL_SET_REPARSE_POINT NULL ptr dereference Avoid a potential NULL pointer dereference if the ParentObjectInfo object cannot be found. If the Btree lookup fails, do not call AFSCreateSymlink() and do not decrement the ObjectInfo refcount. Doing so will result in a BSOD. Change-Id: Ibd3e4ebb343f6c3cff8bf1cb160e42938d0f906c Reviewed-on: http://gerrit.openafs.org/9643 Tested-by: BuildBot Reviewed-by: Peter Scott Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman
---
diff --git a/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp b/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp
index 991e40de9..cd8a95381 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp
@@ -849,8 +849,7 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 ullIndex,
 (AFSBTreeEntry **)&pParentObjectInfo);
- if ( NT_SUCCESS( ntStatus) &&
- pParentObjectInfo)
+ if ( NT_SUCCESS( ntStatus))
 {
 lCount = AFSObjectInfoIncrement( pParentObjectInfo,
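Review bot: The new guard `if ( NT_SUCCESS( ntStatus))` before `AFSObjectInfoIncrement( pParentObjectInfo, ...` no longer tests the pointer, so the increment is only safe if the Btree lookup can never report success while leaving `pParentObjectInfo` NULL. That contract is not visible here (the lookup call and the enclosing function start above the hunk), and this path is driven by a caller-issued FSCTL_SET_REPARSE_POINT, where a NULL dereference in the redirector is a bugcheck. I would keep both conditions, `if ( NT_SUCCESS( ntStatus) && pParentObjectInfo != NULL)`, and use the same test for the block added in the second hunk so the reference is dropped exactly when it was taken. Failing that, a comment stating the lookup's guarantee, e.g. `// lookup returns success only with a non-NULL entry`, would document the assumption the code now depends on.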
@@ -865,32 +864,36 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 AFSReleaseResource( pCcb->DirectoryCB->ObjectInformation->VolumeCB->ObjectInfoTree.TreeLock);
- //
- // Extract out the information to the call to the service
- //
+ if ( NT_SUCCESS( ntStatus))
+ {
+
+ //
+ // Extract out the information to the call to the service
+ //
- ntStatus = AFSCreateSymlink( &pCcb->AuthGroup,
- pParentObjectInfo,
- &pCcb->DirectoryCB->NameInformation.FileName,
- pCcb->DirectoryCB->ObjectInformation,
- &uniTargetName);
+ ntStatus = AFSCreateSymlink( &pCcb->AuthGroup,
+ pParentObjectInfo,
+ &pCcb->DirectoryCB->NameInformation.FileName,
+ pCcb->DirectoryCB->ObjectInformation,
+ &uniTargetName);
- AFSDbgTrace(( AFS_SUBSYSTEM_FILE_PROCESSING,
- AFS_TRACE_LEVEL_VERBOSE_2,
- "AFSProcessUserFsRequest Processed FSCTL_SET_REPARSE_POINT request %wZ Type 0x%x Attrib 0x%x Status %08lX\n",
- &pCcb->DirectoryCB->NameInformation.FileName,
- pCcb->DirectoryCB->ObjectInformation->FileType,
- pCcb->DirectoryCB->ObjectInformation->FileAttributes,
- ntStatus));
+ AFSDbgTrace(( AFS_SUBSYSTEM_FILE_PROCESSING,
+ AFS_TRACE_LEVEL_VERBOSE_2,
+ "AFSProcessUserFsRequest Processed FSCTL_SET_REPARSE_POINT request %wZ Type 0x%x Attrib 0x%x Status %08lX\n",
+ &pCcb->DirectoryCB->NameInformation.FileName,
+ pCcb->DirectoryCB->ObjectInformation->FileType,
+ pCcb->DirectoryCB->ObjectInformation->FileAttributes,
+ ntStatus));
- lCount = AFSObjectInfoDecrement( pParentObjectInfo,
- AFS_OBJECT_REFERENCE_DIRENTRY);
+ lCount = AFSObjectInfoDecrement( pParentObjectInfo,
+ AFS_OBJECT_REFERENCE_DIRENTRY);
- AFSDbgTrace(( AFS_SUBSYSTEM_OBJECT_REF_COUNTING,
- AFS_TRACE_LEVEL_VERBOSE,
- "AFSProcessUserFsRequest Decrement count on object %p Cnt %d\n",
- pParentObjectInfo,
- lCount));
+ AFSDbgTrace(( AFS_SUBSYSTEM_OBJECT_REF_COUNTING,
+ AFS_TRACE_LEVEL_VERBOSE,
+ "AFSProcessUserFsRequest Decrement count on object %p Cnt %d\n",
+ pParentObjectInfo,
+ lCount));
+ }
 break;
 }
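Review bot: When the parent lookup fails, the new `if ( NT_SUCCESS( ntStatus))` block is skipped and the request reaches `break` with no trace at all, because the only `Processed FSCTL_SET_REPARSE_POINT request` trace now sits inside the success branch. An `else` branch that logs the file name and `ntStatus` through `AFSDbgTrace` would keep the failing case diagnosable. The block also relies on `ntStatus` being untouched between the lookup and this test; those lines lie between the two hunks and are not shown, so this is inferred. A comment such as `// ntStatus still holds the parent lookup result; only release the reference taken above` would make that dependency explicit for the next maintainer.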